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REMARKS 

Claims 1-38 are pending in the present application. Reconsideration of the claims 
is respectfully requested. An amendment was made to claim 1 to correct an antecedent 
basis problem. The term "the cookie* 1 was amended to recite 'the fi r$t cookie". This 
amendment is not in response to the art rejection made by the examiner and does not 
change the scope of this claim. Other claims, such as independent claim 21 and 
independent claim 37, reciting this element do so with the proper antecedent basis. 

Applicants thank the examiner for the interview on January 14, 2004. In this 
interview, the examiner said that she would consider the points presented with respect to 
claim 1 in reviewing these remarks. The remarks explain in more detail applicants points 
with respect to the cited reference not teaching the storing step, the comparing step, and 
the order of steps as discussed in the telephone conference. Further, these remarks also 
include a discussion as to why the allowing step also is not shown in claim 1 as well as 
some remarks regarding the dependent claims. 

I- 35 U.S.C. $ 102(e\ Anticipation 

The examiner has rejected claims 1-38 under 35 U.S.C. § 102(e) as being 
anticipated by Grantges, Jr. T United States Patent Number 6,324,648 Bl ("Grantges"). 
This rejection is respectfully traversed. 

In rejecting the claims* the examiner stated the following: 

In reference to claims 1, 10, 17, 21, 30, 37, and 38 Grantges 
discloses a system comprising a cache (column 5 lines 65-67); a cookie 
management process, wherein the cookie management process generates a 
cookie in response to receiving a request to access a resource within the 
data processing system from a requestor (column 4 lines 36-40 and 
column 10 lines 6-13); sends the cookie to the requestor (column 10 lines 
23-25), stores the cookie and an identification of the requestor in the cache 
(column 1 1 lines 13-30); responsive to being presented a received cookie 
from a source, compares the cookie and the identification of the requestor 
to the received cookie and the source (column 10 lines 55-67); and allows 
access to the resource in response to a match between the cookie and the 
identification of the requestor with the received cookie and the source 
(column 1 1 lines 41-43). 

Office Action, dated November 13, 2003, page 2. 
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A prior art reference anticipates the claimed invention under 35 U.S.C. § 102(e) 
only if every element of a claimed invention is identically shown in that single reference, 
arranged as they are in the claims. In re Bond, 910 F.2d 831, 832, 15 U.S.P.Q.2d 1566, 
1567 (Fed. Cir, 1990). All limitations of the claimed invention must be considered when 
determining patentability. In re Lowry, 32 F.3d 1579, 1582, 32 U.S.P.Q.2d 1031, 1034 
(Fed. Cir. 1994). Anticipation focuses on whether a claim reads on the product or process a 
prior art reference discloses, not on what the reference broadly teaches. Kalman v. 
Kimberly-Clark Corp., 713 F.2d 760, 218 U.S.P.Q, 781 (Fed. Cir. 1983). 

In this particular case, each and every feature of the presently claimed invention is 

not taught or shown in the same arrangement as in Grantges as believed by the examiner. 

Claim 1 is a representative claim of the independent claims and reads as follows: 

1 . A method in a data processing system for providing access to 
resources within the data processing system, the method comprising the 
data processing system implemented steps of: 

receiving a request from a requestor to access a resource in the data 
processing system; 

sending a first cookie to the requestor in response to the request, 
wherein the cookie is used to access the resource; 

storing an identification of the requestor and the first cookie to 
form a stored identification and a stored cookie; 

responsive to receiving a second cookie from a source, comparing 
an identification of the source and the second cookie with the stored 
identification and the stored cookie; and 

responsive to a match between the identification of the source aud 
the second cookie and the stored identification and the stored cookie, 
allowing access to the resource. 

The storing, comparing, and allowing steps in claim 1 are not found in Grantges 
as believed by the examiner. For example, the examiner cites the following 
portion of Grantges for storing an identification of the requestor and the first 
cookie: 

Tn step 106, authorization plug-in 42 associated with 
gateway proxy server 40 queries authorization server 46 for 
authentication of the user 1 8. Plug-in 42 provides the X.509 digital 
certificate particulars in a message to authorization server 46. In 
step 108, authorization plug-in 42 determines the applications for 
which access by the user 18 is authorized, all through messaging 
with authorization server 46. In step, 110, gateway proxy server 46 
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obtains an overall gateway user identification (ID) fox the user. 
This gateway user ID may facilitate access to and usage of the 
plurality of applications 24 b 24 2 , . - . , 24 3 . For example, the 
overall gateway user ID may be passed to the application, which 
may use it to look up in its local database user profile information 
describing what functions the user is allowed to perform, in the 
particular application, A gateway user ID cookie may be set to 
implement this information passing. Steps 106-1 10 may be 
performed sequentially, or as a composite request, or in any other 
way known in the art. 

Grantges, column 1 1, lines 13-30. In this particular section, Grantges does not teach 
storing a cookie and an identification of a requestor. Instead, this portion of Grantges 
teaches authentication of a user and then obtaining a gateway user id. The gateway user 
id and other information may be placed into a gateway user id cookie, Grantges, 
however, does not teach or disclose that the cookie and the identification of the requestor 
are stored. 

Next, the examiner points to the following portion of Grantges for comparing the 
stored cooki e and the identification of the requestor to a recei ved cookie and the source: 

In step 1 00, authorization plug-in 42 begins execution. 

In step 102, authorization plug-in 42 checks to determine whether 
the incoming message contains a valid authentication cookie 90. Validity 
requires that the user's digital certificate has in-fact authenticated the user 
of the client computer 22, an d, that the tixnestamp meets predetermined 
timing criteria (i.e., it must not be too old). In particular, the presence of 
authentication cookie 90 itself is indicative of a successful authentication. 
Because of die non-persistent nature of cookie 90, cookie 90 does not 
come from a stored file, but only as a result of a successful authentication. 

Grantges, column 1 0 } line 55-column 1 1, line 1. This cited portion of Grantges does not 
show comparing a stored cookie and an identification of a requestor to a received cookie 
and a source for that received cookie. Instead, this portion of Grantges discloses steps 
used to authorize a user. Specifically, Grantges looks for a valid authentication cookie in 
an incoming message. This cookie is one that is generated only as a result of a successful 
authentication and includes a time stamp for timing criteria. In other words, if a cookie is 
present in the message, the cookie is a valid authentication cookie only if the cookie is 
not too old. 
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Thus, this cited portion of Grantges teaches looking for a valid cookie in a 
message. No comparing of a received cookie with a stored cookie occurs. Additionally, 
a comparison of the requestor stored with the stored cookie and the identification of the 
source of the received cookie also does not occur. 

Additionally, even, assuming arguendo, if the storing step aod the comparing step 
were to be found in Grantges as asserted by the examiner, these steps are not arranged in 
the same arrangement as in the presently claimed invention . The examiner points to the 
section of Grantges describing step 106 as teaching the storing step and points the portion 
of Grantges disclosing steps 100 and 102 as teaching the comparing step. Figure 5 of 
Grantges is as follows: 
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As can be seen, step 106 occurs after steps 1 00 and 102 in figure 5 of Grantges, 
which is opposite to the teaching asserted by the examiner. The examiner's interpretation 
of this reference requires step 106 to occur prior to steps 1 00 and 102 in order to read on 
the presently claimed invention in claim 1. Thus, even assuming arguendo that those 
steps are even present in the cited portions, those steps are not in the same identical 
arrangement in Graniges as in claim L 

Thus, Grantges does not teach the storing step and the comparing step as recited 
in claim 1 and further, the examiner's interpretation requires for the steps to be taken out 
of order from the claims. 

Furthermore, Grantges also does not teach allowing access to the resource in 

response to a match between the stored cookie and the identification of the requestor with 

a received cookie and a source as believed by the examiner. The examiner points to the 

following portion of Grantges for this interpretation: 

However, if, in step 102, the answer is "YES M , then the user/client 
computer 22 has already been authenticated. The method then branches to 
step 118. 

Grantges, column 1 ) 7 lines 40-43. This portion of Grantges only teaches determining 
whether the user or client has been authenticated in step 102. Next, the process may 
proceed to step 118 which is another determination, rather than providing access to the 
resource. 

With respect to the allowing step, no teaching is present for providing access to a 
resource in response to a match between the stored cookie and the identification of the 
requestor with a received cookie and a source. In figure 5, this step determines whether a 
valid authentication cookie is present. Other portions of Grantges describe this step as 
determining whether the message contains a vaJid authentication cookie, A time stamp in 
an authentication cookie is checked to determine whether the cookie is too old. 
Responsive to the determination in step 102, Grantges specifically teaches making 
another determination in step 118 if the cookie is validated. Access to the resource is not 
provided in response to the presence of a match as recited in the comparing step of claim 
1 in which a determination is made as to whether a match between the stored cookie and 
the identification of the requestor with a received cookie and a source. Further, even if 
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step 102 could be interpreted as reading on the comparing step, access to a resource is not 
provided in response to a positive determination. 

Further, in view of the discussion above, Grantges also does not show the step of 
sending the first cookie to the requestor. Grantges discloses a server side authentication 
for a cli ent seeking access. This authentication of the client is performed an d then a 
cookie is created that is pasted within the server to show or evidence the authentication. 
In contrast, the presently claimed response to a host request from a client by generating a 
cookie for use in accessing the resource and sending the cookie back to the client. 

Thus, each and every feature of the presently claimed invention in claim 1 and the 
other independent claims are not taught or disclosed in Grantges in the same arrangement 
as in the presently claimed invention. 

Since the dependent claims depend from the independent claims, the same 
distinctions between Grantges and the claimed invention in the independent claims for 
these dependent claims. Additionally, the dependent claims claim other additional 
combinations of features not suggested by the reference. 

For example, claim 4 is a representative claim containing features also rejected by 

the examiner in claims 9, 15, 16, 19, 24, 29, 35, and 36. Claim 4 reads as follows: 

4. The method of claim 1, wherein the resource is a file and the first 
cookie identifies disk location of the file. 

In rejecting these claims, the examiner stated: 

In reference to claims 4, 9, 15, 16, 19, 24, 29, 35, and 36 wherein 
the resource is a file and the first cookie identifies disk location of the file. 
The cookies disclosed by Grantges have a list of the applications available 
to the user (column 10 lines 15-17). Applications are stored in files 
therefore the resource that is requested is a file. The file location can be 
derived from the file name. 

Office Action, dated November 13, 2003, page 3. The section of Grantges cited by the 
examiner reads as follows: 

Applications list cookie 92 may include an identification of the 
particular applications for which client computer 22 is authorized. 

Grantges, column 10, lines 15-17. As can be seen, Grantges does not teach using a 
cookie that identifies a disk location of a resource in the form of a file. Instead, Grantges 
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teaches identifying the application name. The fact that a file location may be derived 

from the file name is uxelevaot, because this teaching is not found in Grantges. 

Therefore, Grantges does not anticipate these claims. Such a feature also is not 

suggested by this cited portion. 

In another example, the examiner rejects claims 3 and 23 stating the following: 

In reference to claims 3 and 23, wherein the system comprises: 
rejecting means, responsive to an absence of a match between the 
identification of the source and the second cookie and the stored 
identification and the stored cookie, for rejecting the second cookie (part 
222 of Fig 8). 

Office Action, dated November 13, 2003, page 3. Such a feature is not present in this 
particular element. Element 222 in figure 8 is as follows: 
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Figure 8 does not show the generation of an authorization eiror message in step 222 as 

being in response to an absence of a match between the identification of the source and 

the second cookie and the stored identification and the stored cookie, for rejecting the 

second cookie as recited in these claims. Instead, this figure shows the message being 

generated in response to the user not being authenticated. 

Grantges describes the authentication in step 220 as follows: 

In step 220, web server 210 determines whether the user is 
authenticated. This step may simply involve evaluating the response 
returned from authorization server 46. If the answer is "NO", then the 
decision step 220 branches to step 222. 

Grantges, column 15, lines 3-7. As can be seen, Grantges does not teach rejecting the 
cookie based on an absence of a match between the identification of the source and the 
second cookie and the stored identification and the stored cookie. This cited reference 
only teaches generating an error message based on a response returned from an 
authorization server without providing any specifics as to bow the determination is made. 

Therefore, each and every feature of claims 3 and 23 also are not shown in 
Grantges. Thus, these claims are not anticipated. 

Consequently, it is respectfully urged that the rejection of claims 1-38 have been 
overcome. Therefore, the rejection of claims t-38 under 35 U.S.C § 102(e) has been 
overcome. 

Furthermore, Grantges docs not teach, suggest, or give any incentive to make the 
needed changes to reach the presently claimed invention. For example, Grantges teaches 
checking to see whether a valid authentication cookie is present in a message. No 
comparison of a stored cookie and an identification of a requestor is made with a received 
cookie and a source of the received cookie is taught or suggested by Grantges. At most, 
this cited reference teaches checking a time stamp in a cookie received in a message to 
determine whether a cookie is valid or invalid as taught in the following section of 
Grantges: 

Then, the remaining requirement is that the timing criteria be satisfied. In 
one embodiment, a cookie 90 older than, preferably, 12 hours is 
considered "invalid". In another embodiment, a cookie 90 older than 4 
hours is considered "invalid". The length of time may be selected based on 
expected maximum session duration by user 18. 
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Grantges, column 11, lines 1-7. As can be seen, the age of the cookie is used to 
determine whether the cookie is valid. No comparison of cookies and identification of a 
requestor or source is taught or suggested by Grantges when Grantges is considered as a 
whole. 

Absent the examiner pointing out some teaching or incentive to implement 
Grantges in the mariner believed to be present in Grantges » one of ordinary skill in the art 
would not be led to modify Grantges to reach the present invention when the reference is 
examined as a whole. Absent some teaching, suggestion, or incentive to modify 
Grantges in this manner;, the presently claimed invention can be reached only through an 
improper use of hindsight using the applicants' disclosure as a template to make the 
necessary changes to reach the claimed invention. 

II. Conclusion 

It is respectfully urged that the subject application is patentable over Grantges and 
is now in condition for allowance. 

The examiner is invited to call the undersigned at the below-listed telephone 
number if in the opinion of the examiner such a telephone conference would expedite or 
aid the prosecution and examination of this application. 

DATE: January 26. 2004 



Respectfully submitted, 




Duke W. Yee 

Reg. No. 34,285 

Carstens, Yee & Cahoon, LLP 

P.O. Box 802334 

Dallas, TX 75380 

(972) 367-2001 

Attorney for Applicants 
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